Certification

If you are thinking about doing the Cisco Wireless track then the CCNP Wireless is not one to take lightly. Announced in March 2016, CCNP Wireless still consists of four exams, but they have been revised to meet real world skills and demands.

The expiring exams start with 640-XXX. The new CCNP Wireless exams are:

300-360 WIDESIGN

Taking a look at the 300-360 WIDESIGN (Wireless Design) exam shows they have added two more objectives, from five to seven.

While 642-732 focused mostly on site surveys, it looks like the new 300-360 encompasses site surveys and WLAN design. What is also interesting is the inclusion of two third party tools, which I personally use, Ekahau Site Survey and Metageek Chanalyzer.

The objectives for 300-360 are fairly evenly spread out averaging 14% per objective for the exam.

I am happy to see focus on requirements gathering, predictive design and pre- and post-deployment surveys.

What I believe will be difficult with 300-365 are the objectives for knowing controller-based functions such as high availability and FlexConnect. This would require equipment to practice these objectives. Additionally, you’ll need knowledge in working with MSE, IOS-XE and Prime.

300-370 WITSHOOT

Another exam where the objectives changed from five to seven objectives. WITSHOOT is actually a new exam in CCNP Wireless. Previously there was no dedicated troubleshooting exam.

I think this is actually a good thing because out in the field, troubleshooting is a primary function of managing a wireless network. The focus of this exam is in troubleshooting methodologies, techniques, and tools.

Be prepared to analyze debug messages, know your show commands, troubleshoot configuration issues, know about RF interference and even infrastructure issues. Although CCNP Wireless is in fact a wireless exam, there are objectives targeted towards issues on the infrastructure side.

300-375 WISECURE

Wireless wouldn’t be complete without security. A topic that shouldn’t be taken lightly. But this is the only exam that went from seven objectives to five.

So this exam is a double-edged sword. They remove NAC, WCS, and ACS (WOO HOO!) but wait a second, they added ISE. Yep.

This is an in-depth security exam as they list objectives dealing with EAP, 802.11w, policies, 802.1X, AAA, you name it.

My Thoughts

The new CCNP Wireless certification beginning in 2016 looks like a great certification to go for. I think they’ve added several objectives that target real world skills and scenarios.

I like the addition of a consolidated troubleshooting exam. I’ve spent a lot of time troubleshooting wireless with regards to interference, capacity, and even application issues that would mask as a wireless issue.

In comparison to the CWNP exams, you can’t really do it. It’s apples and oranges. CWNP is vendor neutral and you won’t really dive into some of the Cisco-centric technologies in any CWNP exam.

So I’ll say it here, I highly recommend at least taking CWNA before diving into a vendor specific certification for the knowledge of wireless in general. It will come in handy for real world and in the exams for design and troubleshooting.

The questions focus on how they got their start in security to what kind of equipment you should have in your lab. We’ll also talk about what kind of experience is expected when taking the CCNA Security exam.

So let’s just dive into the Q&A:

How did you get your start in security?

John Stuppi (John): I joined Time Inc. (publishing division of Time Warner) in 1998 as a Network Engineer and we had a staff of three (including my manager) so we had to wear a lot of hats: network design, network engineering, network operations, and network security.

We started out managing Check Point firewalls and then became involved with various VPN and Security products from Cisco. Since I’ve been with Cisco (starting in September 2000) I have been 100% focused on network security.

Omar Santos (Omar): I started in security when I joined the U.S. Marines in 1994 and then provided support for the U.S. Department of Defense (DoD) until 1999. I joined Cisco shortly after, and just like John, I have been fully focused on network security.

I started in Cisco’s Technical Assistance Center (TAC) supporting all security products. After a 4-year tour in the TAC, I joined the World Wide Security Practice leading several security engagements (i.e., security architecture reviews, security implementations, design guidelines, etc.) for Fortune 100/500 customers and government organizations.

In 2007, I joined Cisco’s Product Security Incident Response Team (PSIRT) in the Security Research and Organization group. In PSIRT, I investigate and drive-to-resolution security vulnerabilities in all Cisco products and services, evangelizing security automation, and also assisting customers that are under attack or have been breached.

Cisco announced the end of CCNA Security v2.0 exam for November 30th, 2015. After that date, you may only take the new 210-260 exam.

You have the choice to pick either exam at the moment.

So what’s new with CCNA Security? What do you need to know between v2.0 and v3.0 (210-260)? The CCNA Security is an Associate level exam from Cisco Systems, focusing on the Security track.

The prerequisite for this certification is a valid CCENT or CCNA Routing and Switching certification. The exam is 90 minutes long with 60-70 questions, and it is proctored by Pearson VUE.

What’s New In CCNA Security 210-260?

Otherwise known as IINS or Implementing Cisco Network Security, this latest revision gets pared down from 9 objectives to 7. A couple of objectives were shuffled around and combined with others.

An example is the Security Concepts objective. I welcome this change as v2.0 used to have concepts scattered in different objectives. Most of these require you describe or identify common security concepts.

Below are my notes for the CCNP Routing & Switching SWITCH 300-115 certification exam. I used two Cisco 3560 switches and GNS3 to perform my labs. For theory, I used Cisco Configuration Guides and the Cisco Press Official Certification Guide.

Hot Standby Router Protocol, HSRP, is a Cisco proprietary protocol to make multiple routers or switches appear as one gateway. The gateway is where the redundancy is provided. For each redundant gateway, there is a common HSRP group. One router/switch becomes the primary HSRP router and another is selected as the standby HSRP router. Any other devices that are part of the group are in the listen HSRP state.

R1 and R2 will be HSRP enabled.

At a 3 second interval, routers send HSRP hello messages to become aware if the other is up or down (between Active and Standby). The hold time value is 10 seconds or three times the hello timer. These hello messages are sent to the multicast address 224.0.0.2 using UDP port 1985.

There can be up to 255 HSRP groups and they are only locally significant.

Election of an active and standby HSRP router is based on a priority value of 0 through 255. By default, the priority is 100 but the highest priority value becomes the active router for the HSRP group. If there is a tie, the router with the highest IP address becomes the active router.
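The hello fields and election rule above, as an added Python example that is not part of the original notes. It assumes the HSRP version 1 message layout from RFC 2281 and that all routers come up together (preemption is not modelled); the sample bytes, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

HSRP_STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

def parse_hello(payload: bytes) -> dict:
    """Decode the 20-byte HSRPv1 message carried in UDP port 1985 (RFC 2281 layout)."""
    if len(payload) != 20:
        raise ValueError("HSRPv1 message must be exactly 20 bytes")
    ver, op, state, hello, hold, prio, group, _rsvd, _auth, vip = struct.unpack("!8B8s4s", payload)
    if ver != 0 or op != 0:  # version 0, opcode 0 = hello
        raise ValueError("not an HSRPv1 hello")
    return {"state": HSRP_STATES.get(state, "Unknown"), "hello": hello, "hold": hold,
            "priority": prio, "group": group, "vip": str(ipaddress.IPv4Address(vip))}

def elect(routers: dict) -> dict:
    """routers maps interface IP -> priority; returns the HSRP role for each IP.
    Highest priority wins; a tie goes to the numerically highest IP address."""
    ranked = sorted(routers, key=lambda ip: (routers[ip], ipaddress.IPv4Address(ip)),
                    reverse=True)
    roles = {ip: "Listen" for ip in ranked}
    if ranked:
        roles[ranked[0]] = "Active"
    if len(ranked) > 1:
        roles[ranked[1]] = "Standby"
    return roles

def active_after(routers: dict, last_hello: dict, now: float, hold: int = 10):
    """Re-run the election over routers whose last hello is still inside the hold time."""
    alive = {ip: p for ip, p in routers.items() if now - last_hello[ip] < hold}
    return next((ip for ip, role in elect(alive).items() if role == "Active"), None)

# Constructed sample: an Active router in group 1, hello 3 s, hold 10 s, priority 110.
SAMPLE_HELLO = struct.pack("!8B8s4s", 0, 0, 16, 3, 10, 110, 1, 0, b"labkey\x00\x00",
                           ipaddress.IPv4Address("192.168.1.1").packed)

if __name__ == "__main__":
    print(parse_hello(SAMPLE_HELLO))
    print(elect({"10.0.0.9": 100, "10.0.0.10": 100, "10.0.0.3": 90}))
```

The tie-break compares addresses numerically, so 10.0.0.10 beats 10.0.0.9 even though a plain string comparison would rank them the other way.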

Are you planning on studying for the CCNA this year? As we begin the new year, 2015, many will have a goal of studying and acquiring their Cisco CCNA certification. A challenging yet tough goal.

There are many resources available for the future network engineer but there are two books I always recommend to anyone wanting to tackle the CCNA. Both are from Cisco Press and authored by Wendell Odom who does a fantastic job in getting you all the information you need to pass the CCNA.

Depending on how you are going to take the exam you have two options, composite or separate exams.

Why Cisco Press books? They follow the exam objectives. It’s easy to go through while following the blueprint. The CCNA books come with pre-chapter quizzes to test your knowledge of each topic. I recommend taking the pre-chapter quizzes after reading through the material to find out where your weak areas are.

At the end of each chapter there are exercises to reinforce what you just read. Additionally, you are given memory tables, which you should memorize for the exam.

The extra material is aimed at helping you master the topics needed to pass the CCNA exam. The books are very helpful and should be the core part of your study plan.

EtherChannel Guard is a way of finding out if one end of the EtherChannel is not configured properly. This could be that there are some parameters not matching up such as duplex and speed. Or it could be that one side is a trunk and the other isn’t.

When there is a misconfiguration found, the switch will place the interfaces in error-disabled state and an error will be displayed.